According to the report from the Centre of Interdisciplinary Law and ICT at the University of Leuven in Belgium, the most popular social network violates European legislation, even despite recent updates to its privacy policy. The report explains that Facebook’s privacy policy update a few weeks ago had only expanded older practices, while still violating European consumer protection legislation.

The report states that Facebook’s Statement of Rights and Responsibilities contains provisions that fail to comply with the Unfair Contract Terms Directive, and they are set to persist in the current year.

Apparently, Facebook’s policies referring to profiling for 3rd-party advertising fail to meet the requirements for legally valid consent. Moreover, the company allegedly fails to offer adequate control mechanisms for material generated by users for commercial purposes. The European watchdog claims that the social network places too much burden on users, who are supposed to navigate the complex web of settings of the service to find out whether they have an opt-out option.

Moreover, the Centre of Interdisciplinary Law and ICT claimed that there is no way to stop the social network from collecting location data on its users via its smartphone application. The only thing users can do to prevent it is stop location access on the device at the OS level. This means that users have no choice concerning their appearance in “sponsored stories” or the sharing of location data. Moreover, the Belgian privacy commission believes that Facebook users are not provided with adequate information that could help them make informed choices where those are available.

The conclusion of the report was that the collection or use of device data envisaged by Facebook’s updated data use policy fails to comply with the requirements of the EU e-Privacy Directive. The latter requires free and informed prior consent before storing or accessing data on a user’s device.

Facebook was open to discuss the report, arguing that its privacy policy doesn’t break Belgian data protection laws. At the moment, the company is already being investigated by the Dutch data protection authority and was asked to delay rollout of its new privacy policy in this regard. Moreover, Facebook is also being probed by data regulators from multiple European countries.

In respond, Facebook insists that it updated its terms and policies to better reflect new product features and highlight how it is trying to improve people’s control over advertising. The company believes that the updates comply with all applicable laws, as its product and policy updates are always reviewed by the Irish Data Protection Commissioner (Facebook is registered in Dublin). The Commissioner is supposed to oversee Facebook’s compliance with the EU Data Protection Directive as implemented under Irish law.